Re: Using a SOAP Web Service from iPhone
- Subject: Re: Using a SOAP Web Service from iPhone
- From: Dru Satori <email@hidden>
- Date: Fri, 9 Apr 2010 13:05:03 -0400
In this particular case, they do not, but you are correct, it should filter / encode those values. As I said in the mail, it hasn't been reviewed that heavily yet. It probably leaks like a sieve too :-)
Andy 'Dru' Satori
On Apr 9, 2010, at 12:59 PM, Jens Alfke <email@hidden> wrote:
>
> On Apr 9, 2010, at 8:52 AM, Dru Satori wrote:
>
>> [soapRequestXml appendFormat:@"\t\t\t<%@>%@</%@>\n", paramName, paramValue, paramName];
>
> Minor note: I hope none of your parameter values contain any XML metacharacters like quotes or angle-brackets, or you’re going to at minimum generate invalid XML, and at worst (if the values might come from an untrusted source) open yourself up to XML injection attacks.
>
> —Jens
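
The escaping discussed in this exchange, as an added example that is not code from either poster: the quoted `appendFormat:` line with the value XML-escaped and the element name checked before use. `XMLEscape`, `IsSafeElementName` and `AppendParam` are hypothetical helper names, and the sample parameter is constructed.

```objc
#import <Foundation/Foundation.h>

// Hypothetical helper: escape the five XML metacharacters in text content.
// '&' is replaced first so the entities added afterwards are not re-escaped.
static NSString *XMLEscape(NSString *s) {
    NSMutableString *out = [s mutableCopy];
    NSArray<NSArray<NSString *> *> *pairs = @[
        @[@"&", @"&amp;"], @[@"<", @"&lt;"], @[@">", @"&gt;"],
        @[@"\"", @"&quot;"], @[@"'", @"&apos;"]
    ];
    for (NSArray<NSString *> *p in pairs) {
        [out replaceOccurrencesOfString:p[0] withString:p[1]
                                options:NSLiteralSearch
                                  range:NSMakeRange(0, out.length)];
    }
    return out;
}

// Escaping cannot make an arbitrary string a valid tag name, so the name is
// checked against a conservative ASCII subset of XML names instead.
static BOOL IsSafeElementName(NSString *name) {
    if (name.length == 0) return NO;
    NSCharacterSet *start = [NSCharacterSet characterSetWithCharactersInString:
        @"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ_"];
    NSMutableCharacterSet *rest = [start mutableCopy];
    [rest addCharactersInString:@"0123456789-."];
    if (![start characterIsMember:[name characterAtIndex:0]]) return NO;
    return [name rangeOfCharacterFromSet:[rest invertedSet]].location == NSNotFound;
}

// Same format string as the quoted line, with validation and escaping applied.
static BOOL AppendParam(NSMutableString *xml, NSString *name, NSString *value) {
    if (!IsSafeElementName(name)) return NO;
    [xml appendFormat:@"\t\t\t<%@>%@</%@>\n", name, XMLEscape(value), name];
    return YES;
}

int main(void) {
    @autoreleasepool {
        NSMutableString *soapRequestXml = [NSMutableString string];
        // Constructed sample value containing markup that would otherwise
        // close the element and add a sibling element to the request.
        NSString *value = @"a < b & \"c\"</comment><admin>1</admin>";
        if (!AppendParam(soapRequestXml, @"comment", value)) return 1;
        NSLog(@"%@", soapRequestXml);
    }
    return 0;
}
```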